class UsersController < ApplicationController
  
  include CoreHelper
  include UsersHelper
  
  
  # GET /users
  # GET /users.xml
  def index
   # @users = User.find(:all)
    @user = User.find(session[:user_id]) unless session[:user_id] == nil
    
    if( @user.privilege == $super_privilege) 
      @menutype = $super_logout
    else 
      @menutype = $logout 
    end
    
    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @users }
    end
  end

  
  # GET /users/1
  # GET /users/1.xml
  def show
    @user = User.find(session[:user_id])
    
    if(params[:type] == "show_all") 
      show_all(session[:user_id])
    else
      show_edit(@user) 
    end

  end
  
  

 
  # GET /users/new
  # GET /users/new.xml
  def new
    @user = User.new
    @privilege = params[:type]
    session[:privilege] = params[:type]
    
    # Here we check if the user is a super user or not, 
    #if it is that means that the user is login and we have to return to the user_controller index
    #otherwise the wannabe new user is in the index of core_controller
    if(Integer(@privilege) == $super_privilege)
      @menutype = $super_logout
      @return = $users_controller
    else
      @menutype = $login
      @return = $core_controller
    end

    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @user }
    end
  end

  # GET /users/1/edit
  def edit
    @user = User.find(session[:user_id])
  end

  
  # POST /users
  # POST /users.xml
  def create
    @user = User.new(params[:user])  
    @user.privilege = session[:privilege]
    
    respond_to do |format|
      if @user.save_with_validation(true)
        session[:privilege] = nil
        flash[:notice] =  unless session[:user_id] != nil then 'Welcome '+@user.name.to_s+". Now you can login!" else 'User '+@user.name.to_s+' is now in our database.' end
        if session[:user_id] == nil
          format.html { redirect_to :controller => "core", :action => "index" }
        else
          format.html { redirect_to :controller => "users", :action => "index" }
        end
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  
  # PUT /users/1
  # PUT /users/1.xml
  def update
    @user = User.find(session[:user_id])

    respond_to do |format|
      if @user.update_attributes(params[:user])
        flash[:notice] = 'User was successfully updated.'
        #Here we redirect to main with the user so we dont go out of the session
        format.html { redirect_to :controller => "users", :action => "index"}
        format.xml  { head :ok }
      else
        @body = unless @user.privilege == 1 then 'users/templates/edit' else 'users/templates/edit_super' end
        format.html { render :action => "edit" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

 
  # DELETE /users/1
  # DELETE /users/1.xml
  def destroy
    @user = User.find(params[:id])
    @current_session_user = User.find(session[:user_id])

    @user.destroy
    @user = User.find(session[:user_id])
    @users = User.find(:all, :order => "name")
    render :partial => 'users/templates/show_all_users'

#    respond_to do |format|
#      format.html { redirect_to(users_url) }
#      format.xml  { head :ok }
#    end
  end
  
  
  #This is how we check if a user already exist in the db.
  #We look for the user email since is unique and then if it exist we check for the password.
  def login
      info = params[:user]
      @user = User.find_by_sql ["SELECT * FROM users WHERE email = ?", info[:email]]
      @user =  @user[0]
    if (@user == nil) || !(@user.password == info[:password])
      @user = User.new
      flash[:notice] = 'Sorry but no match found.'
      return (redirect_to :controller => "core", :action => "index" )
    else
      session[:user_id] = @user.id
      redirect_to :controller => "users", :action => "index"
    end
  end
  
  
end
